Category Archives: Risk

How do you protect information in the event of an Event? Is this part of your business continuity plan? You do have a business continuity plan, right? Do you have a process to safeguard information you will need to resume operation?

Planes carry two “black boxes,” one a flight data recorder (which captures a lot of equipment operating data) and the other a cockpit voice recorder (which captures conversation in the cockpit). The information on these two boxes (which are actually neon orange) is used to determine the cause of a crash.

What information does your company generate that you would need to run your business following an “Event,” such as a computer crash or a hurricane, or whatever? Is that part of your normal operating policies and procedures? If you can’t get to that information, can you restart or run your business?

Is this an Information point (protecting information) , or a Governance point (having processes and procedures to protect mission-critical information), or a Compliance with policies and procedures?

How do you handle it when you have to tell your star performer that she/he’s not going to get what you told them they were going to get? Have you just put your crown jewels into play? How do you rebuild trust and confidence in your best and brightest?

Is this Information or Governance or just bad management? Does it matter whether you told them in writing or not? Is that a risk that was considered?

While the implications of a relationship of the CEO goes to Governance, are there also links to Compliance and Information? What impact did the culture have on the company’s compliance? How do investors know about the nature of a CEO’s personal relationships leaking into the corporate environment?

Who should have seen this and reported it to someone? Why didn’t the directors smell a rat?

Wells Fargo is about to be (has been) fined close to $1 billion for irregularities regarding auto loans, auto insurance, and mortgage loans. This is the civil side. This is in addition to the $185 million for the account cramming scandal in 2016, where the bank opened new accounts and credit cards that consumers did not request. The Chief Risk Officer is also retiring.

Once again, the shareholders pay mightily for the sins of (mis-)management.

By Christian Liipfert

These are comments on selected news articles, looking at the intersection and interplay of information, governance, and compliance. I started this in August 2013 for a class I was teaching at Rice University’s Jones Graduate School of Business on an introduction to information governance and information management.

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.